Microsoft Security Bulletin Summary for January 2014
This is a follow up on Microsoft’s earlier announcement regarding a security threat for Microsoft Dynamics.
The update is available for the following versions:
- Dynamics AX 4.0
- Dynamics AX2009
- Dynamics AX2012
- Dynamics AX2012-R2
The update is a kernel update, which requires a restart of AX after the installation.
The security bulletin with the links to the correct download can be found here http://technet.microsoft.com/en-us/security/bulletin/ms14-004
Microsoft issued a Security Bulletin Summary which affects: Microsoft Office, Windows and Microsoft Dynamics AX. All have been marked as Important, which is one level below critical.
A webcast will be hosted tomorrow January 15th, at 11:00 AM PST, and we encourage all our customers to attend this event to learn more about the vulnerabilities of their AX environments. A description of the security issue is below:
Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
This security update resolves one privately reported vulnerability in Microsoft Dynamics AX. The vulnerability could allow denial of service if an authenticated attacker submits specially crafted data to an affected Microsoft Dynamics AX Application Object Server (AOS) instance. An attacker who successfully exploited this vulnerability could cause the target AOS instance to stop responding to client requests.
Please register for the webcast here: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032572876&Culture=en-US
Please also have your IT Team pay attention to the other security threats in this security bulletin.